/*
 * TLS-Attacker - A Modular Penetration Testing Framework for TLS
 *
 * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH
 *
 * Licensed under Apache License, Version 2.0
 * http://www.apache.org/licenses/LICENSE-2.0.txt
 */
package de.rub.nds.tlsattacker.core.constants;

/** Constants for DTLS 1.3 mask generation as specified in RFC 9147. */
public class Dtls13MaskConstans {

    /**
     * When the AEAD is based on AES, then the mask is generated by computing AES-ECB on the first
     * 16 bytes of the ciphertext
     */
    public static final int REQUIRED_BYTES_AES_ECB = 16;

    /**
     * When the AEAD is based on ChaCha20, then the mask is generated by treating the first 4 bytes
     * of the ciphertext as the block counter and the next 12 bytes as the nonce, passing them to
     * the ChaCha20 block function
     */
    public static final int REQUIRED_BYTES_CHACHA20 = 16;

    public static final int REQUIRED_NONCE_SIZE_CHACHA20 = 4;
    public static final int REQUIRED_COUNTER_SIZE_CHACHA20 = 12;

    private Dtls13MaskConstans() {}
}
